How to secure your mobile communications
The cyber attack landscape is constantly evolving. Cyber criminals are industrialising their activities and becoming increasingly ingenious in their efforts to obtain sensitive company data, with the aim of reselling it or exploiting it to conduct further attacks.
In this context, new risks related to the exchange of data via mobile devices are emerging, in addition to existing persistent threats. What are the challenges associated with these cyber threats? How can you protect yourself and secure your company's mobile communications?
Quantum computers capable of deciphering data
Data encryption protects communications by making them completely unreadable if intercepted by a malicious party.
Current data encryption techniques (RSA and ECC) rely on mathematical problems that are extremely difficult to solve with conventional computers, such as factoring large numbers into their prime factors.
Far more powerful, quantum computers will potentially be able to break current cryptographic systems in a short time. These computers use qubits to perform calculations much faster than traditional computers. Some quantum algorithms, such as Shor's algorithm, can only be run on quantum computers and are capable of breaking current cryptographic systems by solving these mathematical problems.
Faced with this new risk, post-quantum cryptography uses encryption algorithms designed to withstand attacks from quantum computers. These algorithms are based on mathematical problems, such as those underlying lattice-based or isogeny-based cryptography, to render data indecipherable.
This threat is still limited: quantum computers are still rare and very expensive. But they are set to become more widespread over the next decade, making it important to understand the cyber security issues associated with quantum computing.
The evolution of SIM card related risks
The global proliferation of smartphones is leading to an increase in sophisticated cyber threats, particularly via physical SIM cards.
The most widespread attack today against this type of technology is SIM card hijacking. In this attack, the attacker impersonates the victim to the telecom operator and persuades the operator to transfer the victim's mobile phone number to a new SIM card. The potential effects include bypassing multi-factor authentication (MFA), identity theft, and smishing (SMS phishing) or vishing (voice phishing), with the attacker making calls or sending text messages from the victim's number.
Unlike traditional SIM cards, the eSIM (embedded SIM) is a “virtual SIM card”, embedded in an integrated circuit directly soldered to the mobile device. Remotely programmable, eSIMs allow businesses to change their package or operator without having to handle a physical card.
Offering greater flexibility, eSIMs prevent theft or loss of the card, but this technology is not immune to other types of cyber attacks, such as SIM swapping. Through SIM swapping, cyber criminals collect personal information about the victim, often via phishing techniques, social networks or compromised databases. They then contact the customer service department of the victim's operator, posing as the victim to transfer the phone number to a new SIM card or eSIM profile under their control. The attackers are then able to receive all calls, messages and authentication codes sent to the victim's phone number.
The risk is serious: criminals can use SIM swapping to carry out and authenticate fraudulent transfers, access the victim's messaging services and applications to exfiltrate data, etc. Other attacks allow hackers to manipulate eSIM profiles to access the victim's personal data or intercept their communications.
Fortunately, eSIM management platforms offer security guarantees against these threats. Firstly, they enable multi-factor authentication to be set up for all eSIM profile changes. They can also send real-time alerts in the event of an attempted eSIM profile change. Certain platforms also use algorithms to detect suspicious behaviours and identify repeated transfer attempts or those originating from unusual geographical locations.
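The checks described above (repeated transfer attempts, unusual locations, changes applied without MFA) can be sketched as detection logic over profile-change events. This is an added example, not code from any eSIM management platform: the event fields, the 24-hour window, the three-attempt threshold and the sample events are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values (hypothetical); tune them to your own subscriber base.
WINDOW = timedelta(hours=24)
MAX_ATTEMPTS = 3  # attempts per subscriber inside WINDOW that trigger an alert

# Assumed baseline: countries each subscriber normally requests changes from.
HOME = {"sub-001": {"FR"}, "sub-002": {"FR", "BE"}, "sub-003": {"FR"}}

# Constructed sample events in a hypothetical schema:
# (timestamp, subscriber, request country, MFA passed, outcome)
EVENTS = [
    ("2024-05-01T09:00:00", "sub-001", "FR", True, "applied"),
    ("2024-05-02T10:00:00", "sub-002", "FR", False, "denied"),
    ("2024-05-02T10:20:00", "sub-002", "FR", False, "denied"),
    ("2024-05-02T11:05:00", "sub-002", "RO", False, "denied"),
    ("2024-05-03T14:00:00", "sub-003", "FR", False, "applied"),
    ("2024-05-04T08:00:00", "sub-002", "BE", True, "applied"),
]


def detect(events, home_countries):
    """Return (timestamp, subscriber, reason) alerts for profile-change events."""
    recent = defaultdict(deque)  # subscriber -> attempt times still inside WINDOW
    alerts = []
    for ts, sub, country, mfa_ok, outcome in sorted(events):
        now = datetime.fromisoformat(ts)
        attempts = recent[sub]
        attempts.append(now)
        # Drop attempts that have aged out of the sliding window.
        while now - attempts[0] > WINDOW:
            attempts.popleft()
        if len(attempts) >= MAX_ATTEMPTS:
            alerts.append((ts, sub, "repeated_attempts"))
        # An unknown subscriber has no baseline, so every country is unusual.
        if country not in home_countries.get(sub, set()):
            alerts.append((ts, sub, "unusual_location"))
        # A change that took effect without MFA is a control failure.
        if outcome == "applied" and not mfa_ok:
            alerts.append((ts, sub, "change_without_mfa"))
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS, HOME):
        print(*alert)
```

The last event for sub-002 raises no alert because the earlier denied attempts have aged out of the window and the request passed MFA from a baseline country.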
Unlike quantum threats, attacks targeting eSIM cards are already being exploited by cyber criminals. It is therefore important to protect against them immediately.
How to protect yourself from these attacks in 3 steps
First step - Prevention and training:
It is essential to train company employees to prevent the risks associated with cyber attacks, by implementing dedicated training courses and simulated fraudulent email or text message campaigns that encourage them to click on risky links.
Second step - Protection:
Employees are increasingly exchanging and storing sensitive information on their phones. For profit or for espionage purposes, mobile phones are now prime targets for cyber criminals.
The methods used can vary, from malware or spyware attacks to the interception of calls and SMS messages. For the most experienced hackers, this type of attack targets an organisation's information system in order to steal highly confidential data.
In addition to prevention, strengthening the protection of communications is an essential step in securing a company's data lifecycle. This means using secure communications and collaboration solutions with end-to-end encryption and multi-factor authentication (MFA). To protect an organisation's most sensitive data, it is best to prioritise solutions with an appropriate level of security.
With the generalisation of remote work, the use of a secure VPN avoids the risk of data interception when an employee connects to a public network to access their workspace during a business trip.
Third step - Audit:
Conducting security audits enables CIOs and CISOs to identify vulnerabilities in the company's IT infrastructure and act accordingly by adjusting their strategy.
New cyber threats are emerging, jeopardising the security of mobile communications. They provide organisations with the opportunity to rethink their cyber security strategy by anticipating the new risks of the coming years. With its Cryptosmart solution, Ercom helps you meet the challenge of securing mobile devices and communications against current and future threats through its data and communication protection technologies. You also benefit from the highest level of security to protect your most sensitive data, thanks to “Restricted Distribution”* certification issued by the ANSSI. Cryptosmart Mobile is also eSIM compatible, allowing you to combine operator flexibility with eSIM and security with Cryptosmart technology in a certified, secure package.
*Renewal in progress